zotero-plugin 5.0.27 → 5.0.29

package/bin/fetch-zotero-log.py

@@ -4,57 +4,101 @@ import sys, os
 import urllib.request
 from zipfile import ZipFile
 from types import SimpleNamespace
+from pathlib import Path
 
-from cryptography.hazmat.primitives.asymmetric import padding
-from cryptography.hazmat.primitives import hashes
-from cryptography.hazmat.primitives.serialization import load_pem_private_key
+from Cryptodome.PublicKey import RSA
+from Cryptodome.Cipher import PKCS1_OAEP
+
+def oops(*args):
+  print(*args)
+  sys.exit(1)
 
 def debuglog():
-  local, host, remote = sys.argv[1].split('-')
+  if len(sys.argv) < 2:
+    oops('No log ID')
+
+  logid = Path(sys.argv[1])
+  tags = logid.suffixes
+  logid = str(logid).rstrip(''.join(tags))
+
+  try:
+    key, host, remote = logid.split('-')
+  except ValueError:
+    oops('Invalid log ID', sys.argv[1])
+
   if host != '0x0':
-    print('unexpected debug log host', host)
-    sys.exit(1)
+    oops('unexpected debug log host', host)
 
-  encrypted = ('.') in remote
-  remote = remote.split('.')[0]
-  ext = '.enc' if encrypted else '.zip'
-  url = f'https://0x0.com/{remote}{ext}'
-  return SimpleNamespace(local=local, host=host, remote=remote, encrypted=encrypted, ext=ext, url=url)
+  encrypted = ('.enc' in tags)
+  references = ('.refs' in tags)
+  cypher_rsa = None
+  if encrypted:
+    if len(len(sys.argv) != 3):
+      oops('no private key provided')
+    if Path(sys.argv[2]).suffix != '.pem':
+      oops('private key must be a .pem')
+
+  url = f'https://0x0.com/{remote}.zip'
+  SimpleNamespace(key=key, host=host, remote=remote, encrypted=encrypted, references=references, url=url),
+debuglog = debuglog()
 
 def download():
-  debuglog.downloaded = f'logs/{debuglog.local}{debuglog.ext}'
-  print(debuglog.url, '=>', debuglog.downloaded)
+  debuglog.zip = f'logs/{debuglog.key}.zip'
+  print(debuglog.url, '=>', debuglog.zip)
   logs = os.path.dirname(log)
   if not os.path.exists(logs):
     os.makedirs(logs)
-  urllib.request.urlretrieve(debuglog.url, debuglog.downloaded)
-
-def decrypt():
-  if not debuglog.encrypted:
-    return
-
-  encrypted = debuglog.downloaded
-  debuglog.downloaded = f'logs/{debuglog.local}.zip'
-
-  with open(sys.argv[2], 'rb') as f:
-    private_key = load_pem_private_key(f.read(), password=None)
-  with open(encrypted, 'rb') as f:
-    encrypted_data = f.read()
-  with open(debuglog.downloaded, 'wb') as f:
-    f.write(private_key.decrypt(encrypted_data, padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None)))
-
-def show():
-  with ZipFile(debuglod.downloaded) as f:
-    for name in f.namelist():
-      if not '/' in name:
-        print('Unexpected', name, 'in', sys.argv[1])
-        sys.exit(1)
-      print(name)
-    f.extractall(path='logs')
-  os.remove(debuglog.downloaded)
-  print(debuglog.local)
+  urllib.request.urlretrieve(debuglog.url, debuglog.zip)
+
+def decrypt(encrypted, iv, target):
+  encrypted = encrypted.read()
+  iv = iv.read()
+
+  # The last 16 bytes of the encrypted file are the authentication tag for GCM
+  tag = encrypted[-16:]
+  ciphertext = encrypted[:-16]
+
+  cipher_aes = AES.new(symmetric_key, AES.MODE_GCM, nonce=iv)
+  decrypted = cipher_aes.decrypt_and_verify(ciphertext, tag)
+  with open(target, 'wb') as f:
+    f.write(decrypted)
+
+def unpack():
+  symmetric_key = None
+
+  with ZipFile(debuglog.zip) as zip:
+    files = zip.namelist()
+
+    symmetric_key = [f for f in files if Path(f).suffix == '.key']
+    match len(private_key):
+      case 0:
+        if debuglog.encrypted:
+          oops('No key found in', debuglog.key)
+
+      case 1:
+        with open(sys.argv[2], 'rb') as f:
+          private_key = RSA.import_key(f.read())
+          cipher_rsa = PKCS1_OAEP.new(private_key)
+        with zip.open(symmetric_key[0]) as f:
+          symmetric_key = cipher_rsa.decrypt(f.read())
+
+      case _:
+        oops('Multiple keys found in', debuglog.key)
+
+    for name in files:
+      match Path(name).suffix:
+        case '.key' | '.iv'
+          pass
+        case '.enc'
+          print(Path('logs') / name.with_suffix('.zip'), '(encrypted)')
+          iv = next((f for f in filename_list if f == Path(name).with_suffix('.iv')), None)
+
+          with zip.open(name) as f_data, open(iv) as f_iv:
+            decrypt(f_data, f_iv, str(Path('logs') / name))
+
+        case _:
+          print(Path('logs') / name)
+          f.extract(name, path='logs')
 
-debuglog = debuglog()
 download()
 decrypt()
-show()

package/bin/release.js

@@ -8448,7 +8448,7 @@ Expecting one of '${allowedValues.join("', '")}'`);
     "package.json"(exports, module) {
       module.exports = {
         name: "zotero-plugin",
-        version: "5.0.27",
+        version: "5.0.29",
         description: "Zotero plugin builder",
         homepage: "https://github.com/retorquere/zotero-plugin/wiki",
         bin: {

package/debug-log.d.ts

@@ -1,3 +1,13 @@
+export declare class Bundler {
+    #private;
+    key: string;
+    private IV_LENGTH;
+    constructor(pubkey: string);
+    add(path: string, data: string, refs?: boolean): Promise<void>;
+    get zip(): ArrayBuffer;
+    get name(): string;
+    id(remote: string): string;
+}
 declare class DebugLogSender {
     id: {
         menu: string;

package/debug-log.js

@@ -1,9 +1,63 @@
 "use strict";
 /* eslint-disable no-magic-numbers */
+var _Bundler_refs, _Bundler_symmetric, _Bundler_pubkey, _Bundler_crypto, _Bundler_subtle, _Bundler_files, _Bundler_encoder;
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.DebugLog = void 0;
+exports.DebugLog = exports.Bundler = void 0;
 const tslib_1 = require("tslib");
+Components.utils.importGlobalProperties(['FormData']);
+const pkg = require('./package.json');
 const UZip = tslib_1.__importStar(require("uzip"));
+class Bundler {
+    constructor(pubkey) {
+        _Bundler_refs.set(this, false);
+        this.IV_LENGTH = 12;
+        _Bundler_symmetric.set(this, void 0);
+        _Bundler_pubkey.set(this, void 0);
+        _Bundler_crypto.set(this, void 0);
+        _Bundler_subtle.set(this, void 0);
+        _Bundler_files.set(this, {});
+        _Bundler_encoder.set(this, new TextEncoder());
+        this.key = Zotero.Utilities.generateObjectKey();
+        tslib_1.__classPrivateFieldSet(this, _Bundler_pubkey, pubkey, "f");
+        tslib_1.__classPrivateFieldSet(this, _Bundler_crypto, Zotero.getMainWindow().crypto, "f");
+        tslib_1.__classPrivateFieldSet(this, _Bundler_subtle, tslib_1.__classPrivateFieldGet(this, _Bundler_crypto, "f").subtle, "f");
+    }
+    async add(path, data, refs = false) {
+        tslib_1.__classPrivateFieldSet(this, _Bundler_refs, tslib_1.__classPrivateFieldGet(this, _Bundler_refs, "f") || refs, "f");
+        const encoded = tslib_1.__classPrivateFieldGet(this, _Bundler_encoder, "f").encode(data);
+        if (tslib_1.__classPrivateFieldGet(this, _Bundler_pubkey, "f")) {
+            if (!tslib_1.__classPrivateFieldGet(this, _Bundler_symmetric, "f")) {
+                tslib_1.__classPrivateFieldSet(this, _Bundler_symmetric, await tslib_1.__classPrivateFieldGet(this, _Bundler_subtle, "f").generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']), "f");
+                const base64Pem = tslib_1.__classPrivateFieldGet(this, _Bundler_pubkey, "f")
+                    .replace('-----BEGIN PUBLIC KEY-----', '')
+                    .replace('-----END PUBLIC KEY-----', '')
+                    .replace(/\s/g, '');
+                const keyBuffer = Uint8Array.from(atob(base64Pem), c => c.charCodeAt(0)).buffer;
+                const publicKey = await tslib_1.__classPrivateFieldGet(this, _Bundler_subtle, "f").importKey('spki', keyBuffer, { name: 'RSA-OAEP', hash: 'SHA-256' }, true, ['encrypt']);
+                const exportedKey = await tslib_1.__classPrivateFieldGet(this, _Bundler_subtle, "f").exportKey('raw', tslib_1.__classPrivateFieldGet(this, _Bundler_symmetric, "f"));
+                tslib_1.__classPrivateFieldGet(this, _Bundler_files, "f")[`${this.key}/${this.key}.key`] = new Uint8Array(await tslib_1.__classPrivateFieldGet(this, _Bundler_subtle, "f").encrypt({ name: 'RSA-OAEP' }, publicKey, exportedKey));
+            }
+            const iv = tslib_1.__classPrivateFieldGet(this, _Bundler_crypto, "f").getRandomValues(new Uint8Array(this.IV_LENGTH));
+            const encryptedData = await tslib_1.__classPrivateFieldGet(this, _Bundler_subtle, "f").encrypt({ name: 'AES-GCM', iv: iv }, tslib_1.__classPrivateFieldGet(this, _Bundler_symmetric, "f"), encoded);
+            tslib_1.__classPrivateFieldGet(this, _Bundler_files, "f")[`${this.key}/${path}.iv`] = iv;
+            tslib_1.__classPrivateFieldGet(this, _Bundler_files, "f")[`${this.key}/${path}.enc`] = new Uint8Array(encryptedData);
+        }
+        else {
+            tslib_1.__classPrivateFieldGet(this, _Bundler_files, "f")[`${this.key}/${path}`] = encoded;
+        }
+    }
+    get zip() {
+        return UZip.encode(tslib_1.__classPrivateFieldGet(this, _Bundler_files, "f"));
+    }
+    get name() {
+        return `${this.key}.zip`;
+    }
+    id(remote) {
+        return `${this.key}-${remote}${tslib_1.__classPrivateFieldGet(this, _Bundler_refs, "f") ? '.refs' : ''}${tslib_1.__classPrivateFieldGet(this, _Bundler_pubkey, "f") ? '.enc' : ''}`;
+    }
+}
+exports.Bundler = Bundler;
+_Bundler_refs = new WeakMap(), _Bundler_symmetric = new WeakMap(), _Bundler_pubkey = new WeakMap(), _Bundler_crypto = new WeakMap(), _Bundler_subtle = new WeakMap(), _Bundler_files = new WeakMap(), _Bundler_encoder = new WeakMap();
 class DebugLogSender {
     constructor() {
         this.id = {
@@ -67,63 +121,35 @@ class DebugLogSender {
             Services.prompt.alert(null, 'Debug log submission error', `${err}`); // eslint-disable-line @typescript-eslint/restrict-template-expressions
         });
     }
-    async sendAsync(plugin, preferences, pubkey) {
+    async sendAsync(plugin, preferences, pubkey = '') {
         await Zotero.Schema.schemaUpdatePromise;
-        const files = {};
-        const enc = new TextEncoder();
-        const key = Zotero.Utilities.generateObjectKey();
+        const bundler = new Bundler(pubkey);
         let log = [
             await this.info(preferences),
             Zotero.getErrors(true).join('\n\n'),
             Zotero.Debug.getConsoleViewerOutput().slice(-250000).join('\n'), // eslint-disable-line no-magic-numbers
         ].filter((txt) => txt).join('\n\n').trim();
-        files[`${key}/debug.txt`] = enc.encode(log);
+        bundler.add('debug.txt', log);
         let rdf = await this.rdf();
         if (rdf)
-            files[`${key}/items.rdf`] = enc.encode(rdf);
-        // do this runtime because Zotero is not defined at start for bootstrapped zoter6 plugins
-        // eslint-disable-next-line @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access
-        if (typeof FormData === 'undefined' && Zotero.platformMajorVersion >= 102)
-            Components.utils.importGlobalProperties(['FormData']);
-        // eslint-disable-next-line @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access
-        const zip = new Uint8Array(UZip.encode(files));
-        let blob;
-        let ext = '';
-        if (pubkey) {
-            try {
-                const subtle = Zotero.getMainWindow().crypto.subtle;
-                const pem = pubkey
-                    .replace('-----BEGIN PUBLIC KEY-----', '')
-                    .replace('-----END PUBLIC KEY-----', '')
-                    .replace(/\s/g, '');
-                const keyBuffer = Uint8Array.from(atob(pem), c => c.charCodeAt(0)).buffer;
-                const publicKey = await subtle.importKey('spki', keyBuffer, { name: 'RSA-OAEP', hash: 'SHA-256' }, true, ['encrypt']);
-                const encrypted = await subtle.encrypt({ name: 'RSA-OAEP' }, publicKey, zip);
-                blob = new Blob([encrypted], { type: 'application/octet-stream' });
-                ext = '.enc';
-            }
-            catch (err) {
-                Services.prompt.alert(null, `Log encryption for ${plugin} failed`, err.message);
-            }
-        }
-        if (!blob)
-            blob = new Blob([zip], { type: 'application/zip' });
+            bundler.add('items.rdf', rdf, true);
+        const blob = new Blob([bundler.zip], { type: 'application/zip' });
         const formData = new FormData();
-        formData.append('file', blob, `${key}${ext || '.zip'}`);
+        formData.append('file', blob, bundler.name);
         formData.append('expire', `${7 * 24}`);
         try {
             const response = await fetch('https://0x0.st', {
                 method: 'POST',
                 body: formData,
                 headers: {
-                    'User-Agent': 'curl/8.7.1',
+                    'User-Agent': `Zotero-plugin/${pkg.version}`,
                 },
             });
             const body = await response.text();
             const id = body.match(/https:\/\/0x0.st\/([A-Z0-9]+)\.zip/i);
             if (!id)
                 throw new Error(body);
-            Services.prompt.alert(null, `Debug log ID for ${plugin}`, `${key}-0x0-${id[1]}{ext}`);
+            Services.prompt.alert(null, `Debug log ID for ${plugin}`, bundler.id(`0x0-${id[1]}`));
         }
         catch (err) {
             Services.prompt.alert(null, `Could not post debug log for ${plugin}`, err.message);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "zotero-plugin",
-  "version": "5.0.27",
+  "version": "5.0.29",
   "description": "Zotero plugin builder",
   "homepage": "https://github.com/retorquere/zotero-plugin/wiki",
   "bin": {